Manalyze report for 55fef1a53a3aea6b0c1ee98856ae389b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Sep-22 19:32:11
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	C:\actions-runner\_work\client\client\host\build\MinSizeRel\host.pdb
CompanyName	Jagex
FileDescription	Jagex Launcher
FileVersion	`6.2.16.0`
InternalName	host.exe
LegalCopyright	2024
OriginalFilename	host.exe
ProductName	Jagex Launcher
ProductVersion	`0.33.0`
CommandLine	--debug --debugdir="{UserAppData}Jagex Launcher/logs" --perday --maxdays=10

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Accesses the WMI: ROOT\Security root\cimv2` `Contains domain names: apple.com axis.snxd.com http://127.0.0.1 http://www.apple.com http://www.apple.com/DTDs/PropertyList-1.0.dtd https://axis.snxd.com https://axis.snxd.com/track/ www.apple.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: OpenProcess VirtualAllocEx WriteProcessMemory CreateRemoteThread` `Code injection capabilities (mapping injection): CreateFileMappingW MapViewOfFile CreateRemoteThread` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileA CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtectEx VirtualProtect` `Has Internet access capabilities: WinHttpOpen WinHttpCloseHandle WinHttpGetProxyForUrl WinHttpSetStatusCallback` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW WriteProcessMemory ReadProcessMemory`
Info	The PE is digitally signed.	`Signer: Jagex Limited` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/71 (Scanned on 2024-04-22 11:09:12)	`All the AVs think this file is safe.`

Hashes

MD5	`55fef1a53a3aea6b0c1ee98856ae389b`
SHA1	`c41fd4cc2dbc5c6fe5c68d780376bef0afaf5a8f`
SHA256	`8c0f602b2dd9936e88a0b2af08c177ba80a2443672fcbdc8f7fb4122314c69f9`
SHA3	`f42715a9965f2cf4ea7c85f2cdfdd377cf01ffd846b3ed0ef5007311097f1cc6`
SSDeep	`196608:QUDKRxWd4KPUVN23nYwrUpAcltswVxv/NxZ4FdhM41Pg:QUp4tVNwYQCA8Cwvv/PSFDMGI`
Imports Hash	`377bb246ae624f3e2fc13a452200dbdc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2023-Sep-22 19:32:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x199c00`
SizeOfInitializedData	`0x8dc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0016A04D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x19b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22e000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`eff6e0c491375e7c91668a29eb013f6a`
SHA1	`d2ebac8b4e44386853f09a88d8e8326c695a2cba`
SHA256	`69c74f92d003738918a279e7a224dac9156e3a92e5cb0cf294f231c9fbe5651b`
SHA3	`4a04a6aaf1a9a3b868d8cab397567c9baa88477469085c8fb243c4dce165d247`
VirtualSize	`0x199aa2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x199c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.6554`

.rdata

MD5	`9d5fdaf1922ccfd9f85cac892590fc55`
SHA1	`2432b3581fade542fc63334d01aec5f5aa222e2e`
SHA256	`484c2b69c82552bbcbef94e1fdac3cd673edd07fd4ef3283231ac3dbc21863a4`
SHA3	`0bec8ab24c0a99a1ff8e50daf719bc5004a2eccbd5ecdb76a9288badd0cfdde2`
VirtualSize	`0x51cb8`
VirtualAddress	`0x19b000`
SizeOfRawData	`0x51e00`
PointerToRawData	`0x19a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87815`

.data

MD5	`8e8ca764ff41c74301df654f1ef3ba17`
SHA1	`5e38d96437284faa3112067bff6896340fd428aa`
SHA256	`a9cb879fd0be75fd3b1aa2480168b3bd2d780eb265f0019eb79af73d22a47a7c`
SHA3	`ae9d2ea7e91502acf3510ce302aa8dfe0e1116f5753c038352af775e633d74e0`
VirtualSize	`0xb6b4`
VirtualAddress	`0x1ed000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x1ebe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.15537`

.rsrc

MD5	`5905e6e7994bfda41cde3c40fd023f05`
SHA1	`e45a736c418e0939d6cb1449670ac9b8e6e727f8`
SHA256	`18fd55cb86384a8f0343e5d1ff8dd046483272bbf32a1e6f39c93baf0f958a4e`
SHA3	`aafea5c6598564b7894db430b39b108379f40942d9e34490950064d206a3e6ec`
VirtualSize	`0x1da40`
VirtualAddress	`0x1f9000`
SizeOfRawData	`0x1dc00`
PointerToRawData	`0x1f3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71215`

.reloc

MD5	`c9a406b75afa62841bfe5ddae83eb1b0`
SHA1	`8328864d1e59112ed75a34e90b721d72d9a39a37`
SHA256	`a204940b04232dc5216ae7091f5e2ec2929ed8cc18ebdc92da9493672048cf05`
SHA3	`9b780bea0d70992ea7e292e5c0e02736bc3e2648135a46566590d702914d029f`
VirtualSize	`0x16bb4`
VirtualAddress	`0x217000`
SizeOfRawData	`0x16c00`
PointerToRawData	`0x211000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.8133`

Imports

dbghelp.dll	`SymInitialize` `SymGetLineFromAddr64` `SymFromAddr` `SymCleanup` `SymSetSearchPathW` `SymGetSearchPathW` `SymSetOptions`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoExW` `GetFileVersionInfoSizeExW` `VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
WINHTTP.dll	`WinHttpOpen` `WinHttpCloseHandle` `WinHttpGetProxyForUrl` `WinHttpSetStatusCallback`
KERNEL32.dll	`IsBadReadPtr` `FlushInstructionCache` `WriteConsoleW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `HeapSize` `HeapReAlloc` `EnumSystemLocalesW` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `GetTimeZoneInformation` `ReadConsoleW` `FreeLibraryAndExitThread` `ExitThread` `SetStdHandle` `GetCurrentProcess` `TerminateProcess` `GetModuleHandleW` `GlobalAlloc` `GlobalFree` `CompareStringW` `DeleteFileW` `GetLastError` `SetEnvironmentVariableW` `VerSetConditionMask` `GetCommandLineW` `VerifyVersionInfoW` `GetFileAttributesW` `GetModuleFileNameW` `OutputDebugStringA` `OutputDebugStringW` `GetProcAddress` `LoadLibraryExW` `LoadLibraryW` `FreeLibrary` `GetEnvironmentVariableW` `GetStdHandle` `CreateFileA` `CreateFileW` `QueryDosDeviceW` `WriteFile` `IsDebuggerPresent` `CloseHandle` `HeapAlloc` `HeapFree` `GetProcessHeap` `DeviceIoControl` `WaitForSingleObject` `GetExitCodeProcess` `CreateProcessW` `GetProcessId` `InitializeProcThreadAttributeList` `DeleteProcThreadAttributeList` `UpdateProcThreadAttribute` `OpenProcess` `GlobalMemoryStatusEx` `GetSystemDirectoryW` `GetWindowsDirectoryW` `CreateFileMappingW` `MapViewOfFile` `FreeResource` `GetModuleHandleA` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `LocalAlloc` `LocalFree` `SetThreadExecutionState` `MoveFileWithProgressW` `AllocConsole` `FreeConsole` `SetConsoleCtrlHandler` `SetConsoleTitleW` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `CreateDirectoryW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetDiskFreeSpaceW` `GetFileAttributesExW` `GetLongPathNameW` `RemoveDirectoryW` `SetEndOfFile` `SetFileAttributesW` `SetFileInformationByHandle` `SetFileTime` `GetTempPathW` `RaiseException` `GetOverlappedResult` `Sleep` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `SetThreadPriority` `GetNativeSystemInfo` `VirtualQuery` `UnmapViewOfFile` `FormatMessageA` `CopyFileExW` `MoveFileExW` `FileTimeToSystemTime` `SystemTimeToFileTime` `GetFileInformationByHandleEx` `GetLocaleInfoEx` `ReadFile` `SetFilePointerEx` `CreateIoCompletionPort` `GetQueuedCompletionStatus` `PostQueuedCompletionStatus` `MulDiv` `IsProcessorFeaturePresent` `GetTickCount64` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `FlushFileBuffers` `SetHandleInformation` `CreatePipe` `ConnectNamedPipe` `DisconnectNamedPipe` `PeekNamedPipe` `CreateNamedPipeW` `WaitNamedPipeW` `SetLastError` `SetEvent` `ResetEvent` `CreateEventW` `ReleaseSemaphore` `CreateSemaphoreW` `RtlCaptureContext` `SetUnhandledExceptionFilter` `CreateThread` `TerminateThread` `VirtualQueryEx` `DuplicateHandle` `SetNamedPipeHandleState` `TransactNamedPipe` `WaitForMultipleObjects` `UnregisterWait` `RegisterWaitForSingleObject` `TerminateJobObject` `GetModuleHandleExW` `SetInformationJobObject` `GetUserDefaultLangID` `GetUserDefaultLCID` `GetUserDefaultLocaleName` `EnumSystemLocalesEx` `HeapDestroy` `GetTickCount` `TryAcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `UnregisterWaitEx` `IsWow64Process` `GetThreadId` `GetThreadPriority` `GetFileType` `HeapSetInformation` `SetProcessDEPPolicy` `VirtualAllocEx` `GetVersionExW` `GetProductInfo` `AssignProcessToJobObject` `WriteProcessMemory` `ReadProcessMemory` `GetCurrentProcessorNumber` `SetThreadAffinityMask` `VirtualFree` `GetProcessHeaps` `AcquireSRWLockExclusive` `GetSystemTimeAsFileTime` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetLocalTime` `CreateJobObjectW` `QueryInformationJobObject` `VirtualProtectEx` `ExpandEnvironmentStringsW` `CreateMutexW` `VirtualFreeEx` `GetProcessHandleCount` `TlsGetValue` `lstrlenW` `DebugBreak` `TlsAlloc` `TlsFree` `TlsSetValue` `GetFileSizeEx` `RtlCaptureStackBackTrace` `CreateRemoteThread` `GetSystemInfo` `WideCharToMultiByte` `MultiByteToWideChar` `FindFirstFileExW` `SleepConditionVariableSRW` `WakeAllConditionVariable` `GetConsoleMode` `VirtualProtect` `LoadLibraryExA` `UnhandledExceptionFilter` `GetStartupInfoW` `InitializeSListHead` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `RtlUnwind` `InitializeCriticalSectionAndSpinCount` `ExitProcess` `GetConsoleOutputCP`
msi.dll (delay-loaded)	`#137` `#88` `#141` `#169`

Delayed Imports

Attributes	`0x1`
Name	`msi.dll`
ModuleHandle	`0x1f77e8`
DelayImportAddressTable	`0x1f4470`
DelayImportNameTable	`0x1e9f40`
BoundDelayImportTable	`0x1eb0fc`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

GetHandleVerifier

Ordinal	`1`
Address	`0x2c5a0`

IsSandboxedProcess

Ordinal	`2`
Address	`0x2f1c`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59078`
MD5	`74849dafe424ec305d68bfd03716775d`
SHA1	`897d8670ff36963f7bcf184392ffb8669c293521`
SHA256	`1093c318bce99e449a016aa5889317cefe1b0ca4c0b8b5ad7fb636252c3ca9df`
SHA3	`39572cf509350a793e314c7754f7b79fb6f0e6e6eaf3bc654730a2ed386590ba`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.26753`
MD5	`b407ffd5342215a967e9a6fa3ac21838`
SHA1	`d1be5a5cbb3a95218b01ec2c15b8f8a84f529c95`
SHA256	`76266be5cc380340e4ccfca355bad1d78ff41d2de6782472ef8baa7bac56413f`
SHA3	`4b8b85b95a3f060cf808796276f2c556f9320338a1f2159b48a4193516269a2a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.77376`
MD5	`1375a00226798b9b393eed44e88236f9`
SHA1	`f02f510474e86383f35db0842da0afeba17883fe`
SHA256	`7cd9a96ccc0da615f2afd77e1bba1b5eab93b419a252cb40cbc81deb70125047`
SHA3	`5094a8d412ab2aaeba926093648b69e44e484d7f3e6008df4e7884f8f4768ab2`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6732`
MD5	`5ca4fb6caa0baa8871230cdfb97a8729`
SHA1	`ea0f192e4464bc49e769fd49a7cae90381ed6508`
SHA256	`5f23a142aa64ba74b5274293955458d3cfb6c83c17c1137c48bf519bb750d013`
SHA3	`a926a0920e4ec6079f5eac0780e51522c6924be78b0fbad53021266a7e49a1da`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40225`
MD5	`656a6abeef1f882e4d49553ea4960333`
SHA1	`2d3c524082e0bf2cc8ad45971bd7ed144f8c4860`
SHA256	`e196a481627b7d8e24b4bebd389e025cb924c090cae06c9dba750ffa73bb5f25`
SHA3	`86a8a4efc58bf1266f22d9e742048fa218d8eb4c8878589d68a30b44a98235af`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4720`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94817`
Detected Filetype	PNG graphic file
MD5	`ac3f8ca0abedc7b49c06db7aedffbb42`
SHA1	`9980f1ee745b6fe17e59addfc748d143c60d637b`
SHA256	`9aa2c34aa5d9be84421e60af1b65d24c2a269a1657e423a1ba40f79f0a1c3a5d`
SHA3	`39093a38b54161f47588b6f86ff751a589b03e4a26d323e08fcd7108e95a4f14`

128

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.54053`
Detected Filetype	Icon file
MD5	`89d87a49dd40214cffecc06b4fa17383`
SHA1	`febce496c5357f0742daa846c5ec78abb24f089e`
SHA256	`52912b83dd056c4d40656fc533d632030116ce4f4d4493ec4e8d7e735ba6824a`
SHA3	`e4ea5039006ea6927b761f85603e6d60d5bdcb077330f0e0c99227eb3ca2276b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x350`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4261`
MD5	`1556c2cd9daf03cc0ad6345d8381ce95`
SHA1	`7e88ad057aff9e7720960e405bfc0a2f05c7f05b`
SHA256	`f5597bab986251893f3a97e56cf57f9584d1f82c416e8b5eb7d535c3bd1c7b53`
SHA3	`5fc4a93b724cf08d0b399e909cc7eba3a19d3df681a9a7459aec50139c9924a8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x849`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19828`
MD5	`24df96f0bd1599ea292b31e08638e220`
SHA1	`f4f95df802df110791417d7b6a3d0c7d56a98f57`
SHA256	`dc8a34780223d90b5208ba5da5792035b009016e99ac9e4a2e3cda1338317d6d`
SHA3	`a9e10d68a0d421126899524be4f45ffc210d8ddde6a0e65e5ef338380ef012a6`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.2.16.0
ProductVersion	0.33.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Jagex
FileDescription	Jagex Launcher
FileVersion (#2)	6.2.16.0
InternalName	host.exe
LegalCopyright	2024
OriginalFilename	host.exe
ProductName	Jagex Launcher
ProductVersion (#2)	0.33.0
CommandLine	--debug --debugdir="{UserAppData}Jagex Launcher/logs" --perday --maxdays=10

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Sep-22 19:32:11
Version	`0.0`
SizeofData	`93`
AddressOfRawData	`0x1e87b4`
PointerToRawData	`0x1e77b4`
Referenced File	C:\actions-runner\_work\client\client\host\build\MinSizeRel\host.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Sep-22 19:32:11
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1e8814`
PointerToRawData	`0x1e7814`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Sep-22 19:32:11
Version	`0.0`
SizeofData	`1248`
AddressOfRawData	`0x1e8828`
PointerToRawData	`0x1e7828`

TLS Callbacks

StartAddressOfRawData	`0x5e8d18`
EndAddressOfRawData	`0x5e8d24`
AddressOfIndex	`0x5f7b88`
AddressOfCallbacks	`0x59b444`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`0x0043BBF0`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x5f30e4`
SEHandlerTable	`0x5e82ac`
SEHandlerCount	`19`

RICH Header

XOR Key	`0x24fa77ca`
Unmarked objects	`0`
ASM objects (30795)	`26`
C++ objects (30795)	`193`
253 (VS 2015-2022 runtime 32533)	`1`
C objects (VS 2015-2022 runtime 32533)	`19`
ASM objects (VS 2015-2022 runtime 32533)	`25`
C++ objects (VS 2015-2022 runtime 32533)	`86`
C objects (CVTCIL) (30795)	`1`
C objects (30795)	`43`
C++ objects (CVTCIL) (30795)	`1`
Imports (30795)	`15`
Total imports	`620`
Unmarked objects (#2)	`330`
C++ objects (VS2022 Update 7 (17.7.0-3) compiler 32822)	`7`
C objects (VS2022 Update 7 (17.7.0-3) compiler 32822)	`277`
Exports (VS2022 Update 7 (17.7.0-3) compiler 32822)	`1`
Resource objects (VS2022 Update 7 (17.7.0-3) compiler 32822)	`1`
151	`1`
Linker (VS2022 Update 7 (17.7.0-3) compiler 32822)	`1`

55fef1a53a3aea6b0c1ee98856ae389b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

GetHandleVerifier

IsSandboxedProcess

1

2

3

4

5

6

128

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors